openssl-ciphers: Managing SSL/TLS Cipher List

The openssl-ciphers command (invoked as openssl ciphers) is used to display and manage the list of SSL/TLS ciphers supported by the OpenSSL library. It is useful for checking the list of ciphers for a specific protocol version (e.g., SSLv3, TLSv1.2) or for validating and interpreting a cipher string.

Overview

This command is essential for understanding and configuring the cipher suites available in OpenSSL-based applications. It is used for security audits, compatibility testing, or meeting specific encryption requirements.

Key Features

  • Display all supported ciphers: Shows a list of all ciphers supported.
  • Filter ciphers for specific protocol versions: Filters ciphers for specific protocol versions like TLSv1.2 or TLSv1.3.
  • Parse and validate cipher strings: Parses and validates the syntax of a cipher string.
  • Check detailed information on cipher suites: Provides detailed information about each cipher suite.

Key Options

The openssl-ciphers command offers various options to control the output format and content.

The options fall into three groups: Output and Information, Protocol Filtering, and Cipher String.

Usage Examples

Various usage examples for the openssl-ciphers command.

Check the default cipher list

openssl ciphers

Displays the default list of cipher suites supported by the current OpenSSL configuration.

Check cipher list with detailed information

openssl ciphers -v

Displays detailed information for each cipher suite, including protocol, key exchange, encryption, and hash algorithms.

Check ciphers supported by TLSv1.2

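openssl ciphers -s -tls1_2

Filters and displays only the cipher suites available for the TLSv1.2 protocol. In current OpenSSL releases the protocol flag takes effect only in combination with -s (list supported ciphers only); without -s the output is not filtered by protocol.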

Validate and interpret a specific cipher string

openssl ciphers 'HIGH:!aNULL:!MD5'

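Lists the cipher suites the string selects: HIGH-strength suites, excluding those with anonymous authentication (aNULL) and those that use MD5 hashes. A string that cannot be parsed or that matches no cipher produces an error instead of a list.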

Check TLSv1.3-only cipher list

openssl ciphers -s -tls1_3

Displays the list of cipher suites used exclusively by the TLSv1.3 protocol. As with the other protocol flags, -tls1_3 takes effect only in combination with -s.

Tips & Cautions

Important tips and cautions for using openssl-ciphers.

Security Recommendations

Older protocols (SSLv3, TLSv1.0, TLSv1.1) have security vulnerabilities and should be avoided. It is recommended to use the latest TLSv1.2 or TLSv1.3.

  • Always use the latest OpenSSL version: Ensures you have the most up-to-date security features and patches.
  • Disable weak cipher suites: Disable weak cipher suites like RC4 and DES to enhance security.
  • Prioritize cipher suites with Forward Secrecy: Prefer cipher suites that offer Forward Secrecy (e.g., DHE, ECDHE) for better security.
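
One way to check a cipher list against the recommendations above, as an added example (not from the original page or the OpenSSL project). The function name audit_ciphers, the reason labels, and the sample lines are assumptions of this example; 3DES is counted together with DES.

```shell
#!/bin/sh
# audit_ciphers (hypothetical name): read `openssl ciphers -v` output on stdin
# and print "SUITE: reasons" for every suite that conflicts with the
# recommendations: RC4, DES/3DES, MD5, anonymous auth, no forward secrecy.
audit_ciphers() {
    awk '
    NF >= 6 {
        why = ""; kx = ""; au = ""; enc = ""; mac = ""
        # Columns after the protocol are Kx=, Au=, Enc=, Mac= pairs.
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^Kx=/)  kx  = substr($i, 4)
            if ($i ~ /^Au=/)  au  = substr($i, 4)
            if ($i ~ /^Enc=/) enc = substr($i, 5)
            if ($i ~ /^Mac=/) mac = substr($i, 5)
        }
        if (enc ~ /^RC4/)   why = why ",RC4"
        if (enc ~ /^3?DES/) why = why ",DES"
        if (mac == "MD5")   why = why ",MD5"
        if (au == "None")   why = why ",aNULL"
        # Ephemeral (EC)DH key exchange gives forward secrecy; TLSv1.3
        # suites print Kx=any and always use an ephemeral exchange.
        if (kx !~ /^(DH|ECDH|DHEPSK|ECDHEPSK|any)$/) why = why ",no-FS"
        if (why != "") print $1 ": " substr(why, 2)
    }'
}

# Constructed sample in the column layout printed by `openssl ciphers -v`.
sample_ciphers() {
    cat <<'EOF'
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
RC4-MD5                 SSLv3 Kx=RSA      Au=RSA  Enc=RC4(128)  Mac=MD5
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
EOF
}

# Offline demonstration; against a live build, pipe in the real output:
#   openssl ciphers -v 'HIGH:!aNULL:!MD5' | audit_ciphers
sample_ciphers | audit_ciphers
```

Run against a real cipher string, the function lists any suites that string still admits without forward secrecy, which the exclusions !aNULL and !MD5 alone do not remove.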

Understanding Cipher Strings

OpenSSL cipher strings are powerful and flexible but can be complex. You can check the 'man ciphers' command for detailed syntax and examples. For instance, 'ALL' means all ciphers, and '!aNULL' means ciphers that do not use anonymous authentication.
